**** BEGIN LOGGING AT Wed Feb 10 02:59:59 2016 Feb 10 11:25:29 moin Feb 10 18:03:15 Pali: could you rebase to -rc3? Feb 10 20:53:11 freemangordon: later I can do it Feb 10 20:53:37 anyway, you asked what is missing... in mainline kernel is that bug in omapfb :-) Feb 10 22:25:24 Is there anyone around who can help me out by testing something on their N900? Feb 10 22:28:35 what is it, and what conditions for the test? Feb 10 22:44:27 I just want someone to try installing my new updated maemo-security-certman packages and then see what happens when they visit certain https websites Feb 10 22:44:50 Doesn't matter if you are running CSSU or not or what, I just want more data points Feb 10 22:45:06 right now we have one data point (me) that says "its broken" and another one from the forum that says "it works" Feb 10 22:45:30 hmm Feb 10 22:45:34 i saw the thread Feb 10 22:45:41 okay. will install Feb 10 22:45:45 I guess you're just not trying the same sites? Feb 10 22:46:31 they are :) Feb 10 22:48:04 we are definatly trying the same sites Feb 10 22:48:20 Sicelo009N: Are you running CSSU? Feb 10 22:49:37 yes, cssu testing on one, and thumb on the other. Feb 10 22:51:53 ok, great Feb 10 23:00:24 taking long ... 2nd N900 acting up for some reason. rebooting it Feb 10 23:09:49 ok Feb 10 23:09:50 installed. rebooting again just to be sure. on to testing websites Feb 10 23:11:36 jonwil: please remind me link for your bank. Feb 10 23:12:10 try www.entrust.com Feb 10 23:12:13 that one doesn't work Feb 10 23:12:25 its the main website for the CA that is used by a bunch of broken sites Feb 10 23:13:46 my bank's https site works .. entrust-based. trying entrust itself now Feb 10 23:14:22 is this on cssu-thumb or cssu-testing? Feb 10 23:16:18 cssu-testing. Feb 10 23:17:07 entrust opening very slowly .. let's see what happens Feb 10 23:20:01 seems fine too Feb 10 23:22:39 (hate it when microb sits there not loading a website when there's even no load on system) Feb 10 23:26:29 jonwil: microsoft site fine too. so looks like you fixed the thing for us, and somehow left yourself in the dark. i got no idea how to help Feb 10 23:27:17 Its likely that something in CSSU may be a factor here Feb 10 23:27:26 Or something in one of my self-built packages Feb 10 23:27:58 I am going to see what happens if I use my "restore packages to stock" switcher and see what happens if I install just the new certificates Feb 10 23:28:50 you're not on cssu? Feb 10 23:31:20 no, I am on a set of self-built packages built from CSSU Git Feb 10 23:31:21 mostly Feb 10 23:31:49 I just dont want all of CSSU for various reasons Feb 10 23:32:59 in my culture, a person must eat food he cooks, just in case it's poisonous :p Feb 10 23:33:36 I am running all the packages that I have actually written code for (except those that aren't yet complete) Feb 10 23:34:08 ah, at least Feb 10 23:35:04 :] Feb 10 23:35:11 ok, so running stock with just the new certman bits doesn't work either. Its entirely possible that there is something in CSSU that is impacting it or its possible something in your local system is making it work somehow Feb 10 23:35:28 e.g. some certificate has been cached by microb at some point or otherwise added to microb Feb 10 23:35:33 and that is causing things to work for you Feb 10 23:36:03 ping anytime you need further tests :) Feb 10 23:36:43 jonwil: what about the certman-related entries in http://wiki.maemo.org/Community_SSU/Changelog ? Feb 10 23:36:54 I have all those patches Feb 10 23:37:11 My code lives in community ssu git after all :) Feb 10 23:37:52 rebooting thumb N900 for the certs update. Feb 10 23:37:57 ok Feb 10 23:38:47 if GDB wasn't failing to properly debug microb-engine, I could see what is going wrong... Feb 10 23:43:17 hmm, on my thumb system, all certificates are messed up now. many missing Feb 10 23:43:27 only invalid ones remaining Feb 10 23:43:37 will reinstall the packages Feb 10 23:46:09 oh gosh Feb 10 23:48:44 jonwil: on your device, what do you see in the list of certificates? maybe you have invalids like i do here. Feb 10 23:50:14 Every certificate I see in the certificate manager applet is legit Feb 10 23:50:27 The ones marked "certificate not currently valid" is correct since those are the blacklisted ones Feb 10 23:50:47 in my case i have only few certs, all invalid Feb 10 23:50:54 what could be cause? Feb 10 23:50:56 Leaving `diversion of /usr/lib/microb-engine/libnssckbi.so to /usr/lib/microb-engine/libnssckbi.mozilla by libmaemosec-certman0' Feb 10 23:51:06 anything amiss with that line? Feb 10 23:51:15 nope, thats lefit Feb 10 23:51:23 what do you have in /etc/certs? Feb 10 23:52:29 the 3 categories Feb 10 23:52:54 in common-ca, lots of them Feb 10 23:53:15 460 according to wc-l Feb 10 23:53:30 what about /etc/secure? Feb 10 23:55:16 two directories, e and s. Feb 10 23:55:22 and in the s folder? Feb 10 23:55:29 nothing in e, and 3 files in s Feb 10 23:57:47 certman.common-ca does contain what seems to be a valid list Feb 10 23:58:47 ok, weird that it isn't installing properly on your thumb device when it worked for someone else with cssu-thumb and it worked for you on your other device Feb 11 00:07:51 any idea how to recover? :/ Feb 11 00:08:36 trying to apt get reinstall those packages gives me "reinstallation is not possible, it cannot be downloaded" Feb 11 00:08:45 let me look for debs Feb 11 00:16:48 solved reinstallation, but my cert manager still only with invalid certs Feb 11 00:31:55 What version of maemosec-certman-applet do you have installed? Feb 11 00:36:07 now install 0.2.3 Feb 11 00:36:23 maybe must reboot after reinstalling? Feb 11 00:37:16 yeah maybe Feb 11 00:39:09 didn't help Feb 11 00:40:53 i hope there's a way to fix this without reflash. not keen on doing that Feb 11 00:41:05 Ok try this. dpkg -P on each of the maemosec-certman packages Feb 11 00:41:25 Then remove /etc/certs/* and /etc/secure/* Feb 11 00:41:27 then reinstall Feb 11 00:41:36 Thats the only thing I can suggest Feb 11 00:41:36 what does dpkg -P do? Feb 11 00:42:06 Remove the package and all its config files Feb 11 00:42:52 mp-fremantle... tied to it. cannot be removed :) Feb 11 00:43:14 i'll remove the /etc/ stuff as you suggest and do a reinstall. let's see Feb 11 00:43:28 yeah try that Feb 11 00:43:33 Thats the only suggestion I have Feb 11 00:45:05 absolutely no certs now Feb 11 00:45:30 ok, try reinstalling libnss3 and libss3-certs Feb 11 00:45:32 that might do something Feb 11 00:45:50 also try reinstalling maemosec-certman-applet and libmaemosec-certman-applet0 Feb 11 00:48:06 peop.e must not delete /etc/certs/* or /etc/secure/* it seems Feb 11 00:48:35 hmmm, I have no idea how to fix then, sorrry Feb 11 00:48:36 when installing libmaemosec* now there's 'list' of certs that gets updated. Feb 11 00:48:50 i guess i'll copy it over from 2nd N900 Feb 11 00:49:02 yeah try that Feb 11 00:49:04 see what happens Feb 11 00:50:25 jonwil: could it be that some of the postinst scripts in the debs has problem? Feb 11 00:50:36 Those haven' Feb 11 00:50:43 Haven't been touched from the Nokia originals Feb 11 00:52:05 before copying over from 2nd N900, trying to downgrade back to 0.2.3 in case that makes a difference Feb 11 00:52:20 yeah try that Feb 11 00:52:41 seems to be working .. pem files are coming in :) Feb 11 00:53:18 okay.. seems good. let's see what applet seed Feb 11 00:53:47 still blank. hmm Feb 11 00:56:10 jonwil: seems to me that some sort of "link" is missing/not being created? Feb 11 00:56:24 no idea Feb 11 01:01:31 cmcli -T common-ca -L gives no output. Feb 11 01:07:28 Whats in /etc/secure/s? Feb 11 01:09:26 certman.blacklist and certman.common-ca Feb 11 01:09:39 this is really weird :-/ Feb 11 01:10:03 whats the md5sum of those files? Feb 11 01:12:30 91794a35d379f34c89cf1599009d1f10 /etc/secure/s/certman.blacklist Feb 11 01:12:38 ee7333ca72a2fe3d84406e0f9e37cb8b /etc/secure/s/certman.common-ca Feb 11 01:12:44 ok, those are what I have Feb 11 01:12:50 what do you have in /etc/certs Feb 11 01:12:58 trusted, common-ca, blacklist, right? Feb 11 01:13:35 yes Feb 11 01:13:45 and in trusted you have? Feb 11 01:14:24 nothing. hmm Feb 11 01:15:04 yeah that's your problem Feb 11 01:15:11 you should have root.ca and root.key there Feb 11 01:15:38 comes from libmaemosec0, let me reinstall that Feb 11 01:15:50 yep Feb 11 01:15:51 but this was there before.. Feb 11 01:16:09 I am totally out of ideas to fix your system... Feb 11 01:16:34 fwiw: 'default' CSSU system: http://paste.opensuse.org/99788683 Feb 11 01:18:32 wtf! reinstalling doesn't restore root.ca & root.key Feb 11 01:18:34 :/ Feb 11 01:18:41 weird Feb 11 01:18:46 copy from your other N900... Feb 11 01:24:44 I can't find any root.ca and root.key in http://oss.fruct.org/repository/pool/maemo5.0/non-free/m/maemo-security-certman/libmaemosec-certman0_0.1.6+0m5_armel.deb Feb 11 01:24:51 good now :) Feb 11 01:25:09 certificates showing in applet Feb 11 01:25:20 and looking the same as other N900. Feb 11 01:26:06 http://maemo.org/packages/view/libmaemosec0/ also sucks Feb 11 01:26:46 and do microsoft etc work or fail? Feb 11 01:27:04 since both should now be running the new set of root CA certs I believe Feb 11 01:27:30 fail :( Feb 11 01:29:54 rebooting, although this doesn't seem to really help ... Feb 11 01:30:37 jonwil: whats the problem with gdb? Feb 11 01:32:04 missing source? Feb 11 01:32:28 no Feb 11 01:33:58 I connect to browserd with gdb --pid then break on the function I want then trigger it and gdb prints "Program terminated with signal SIGTRAP, Trace/breakpoint trap." Feb 11 01:34:17 err Feb 11 01:34:26 o.O Feb 11 01:35:18 very weird Feb 11 01:36:09 >> I partially solved the issue by starting the application with GDB (instead of attaching the process)... Then its working fine.. No idea abt the root cause though..<< Feb 11 01:36:29 Starting with gdb wont work because of how browserd is started Feb 11 01:36:41 maemo-launcher? Feb 11 01:38:39 ooh /sbin/dsme -p /usr/lib/dsme/libstartup.so Feb 11 01:39:38 hmmmm, I think you could patch the dsmetool command that starts browserd Feb 11 01:40:00 yeah probably Feb 11 01:40:11 not sure how though Feb 11 01:40:46 or simply stop the browserd process via dsmetool and start it plain in gdb instead - after all dsme is only a glorified process monitor Feb 11 01:41:57 friggin dsmetool has no option to list active processes Feb 11 01:42:35 -k --stop= Stop a process started with cmd Feb 11 01:43:57 that doesn't seem to work Feb 11 01:44:07 stopping doesn't work? Feb 11 01:44:22 it says "not found, not root or kill failed" Feb 11 01:44:56 wrong Feb 11 01:45:00 IroN900:~# dsmetool -k blabla Feb 11 01:45:01 Process not killed: not found, not root or kill failed Feb 11 01:45:08 I dont know what to pass Feb 11 01:45:13 tried browserd Feb 11 01:45:17 and /usr/sbin/browserd Feb 11 01:45:18 no go Feb 11 01:45:39 try /usr/sbin/browserd -d Feb 11 01:45:55 nope, no error but nothing is killed either Feb 11 01:46:38 killall browserd until dsme gives up? dunno if it reboots system then Feb 11 01:47:07 yeah system reboot Feb 11 01:48:17 find the cmdline "dsmetool.*browserd" in /etc Feb 11 01:48:26 and /lib etc Feb 11 01:48:45 or even xsession Feb 11 01:50:44 /etc/X11/Xsession.post/30tablet-browser-daemon Feb 11 01:52:20 simply remove/rename/chmod >>if test -x /usr/sbin/dsmetool; then<< ;-) -- then reboot Feb 11 01:52:31 or edit that file Feb 11 01:53:01 actually it starts browserd classical way when there's no dsmetool available Feb 11 01:54:06 if test -x /usr/sbin/dsmetool; then /usr/sbin/dsmetool -c 3 -T 180 -m -17 -t "/usr/sbin/browserd -d" else Feb 11 01:54:08 run-standalone.sh /usr/sbin/browserd -d -b fi Feb 11 01:54:11 sheet Feb 11 01:55:09 anyway I can see how dsmetool might be doing things to browserd process that are not compatible with gdb Feb 11 01:55:21 iirc there can only be one process monitor Feb 11 01:55:48 dunno if dsme is a process monitor in that sense Feb 11 02:21:19 Not even sure that is the right browserd instance, my system is running 3 of them Feb 11 02:21:53 -d, -s 1512 -n RTComMessagingServer and -s 1539 -n browserui Feb 11 02:22:32 hildon-application-manager.launch also references browserd Feb 11 02:23:36 as does rtcom-messaging-ui Feb 11 02:26:43 if I can figure out what to do with a couple maemo-local patches for NSPR I might have another play at throwing in the most recent NSS/NSPR code (whatever is currently in mozilla-central mainline) and see if it builds or not Feb 11 02:27:07 but right now I gotta go out, got an appointment with a hairdresser :) Feb 11 02:36:15 jonwil: http://wstaw.org/m/2016/02/11/plasma-desktophj3616.png all those browserd instances are childs of one parent process. That's the essential 'trick' with browserd **** ENDING LOGGING AT Thu Feb 11 02:59:58 2016